CVE-2025-52609 PUBLISHED

HCL iControl was affected by Missing Security Headers vulnerability.

Assigner: HCL
Reserved: 18.06.2025 Published: 04.06.2026 Updated: 04.06.2026

HCL iControl was affected by Missing Security Headers vulnerability. which lead to cross-site scripting (XSS) attacks by enabling the built-in XSS filtering mechanisms of modern web browsers.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
CVSS Score: 3.7

Attack Vector	Network	Scope	Unchanged
Attack Complexity	High	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	Low
User Interaction	None	Availability Impact	None

CVSS 3.1

Product Status

Vendor	HCL
Product	iControl
Versions	Default: unaffected Version 4.0.0 is affected

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0131041

Problem Types

CWE-693 CWE-693: Protection Mechanism Failure CWE